'Web Portal' Ticket Authentication for Lobby/Room App
| Jim Duber 2005-07-17, 5:45 pm |
| Greetings all,
I'd like to add a 'single sign-on' ticketing system (as described in
the PFCS book on pages 755-758) to a lobby/room chat application I'm
working on. At this point, I've got all the bits and pieces working
separately (having adapted the cold fusion samples to work with php and
AMFPHP).
Now, I need to integrate the authentication system with the chat app.
The chat app is comprised of two swf files on the client side: a
lobby.swf which loads a room.swf. Simple. On the server side, there's a
main.asc file which loads separate lobby.asc and room.asc files
accordingly. The chat app is based on the 'helloVideo' application from
Ch. 1, btw.
My question is how to add a ticketing authentication system to such an
application. In particular, I'm confused as to where to place a
checkTicket (Remoting) method call on the FlashCom server and how to
adapt it so as to ensure that only authenticated users will have access
to both the lobby and room.
Any advice would be greatly appreciated.
Thanks very much and best wishes,
Jim
=-----------------------------------------------------------
Supported by Fig Leaf Software - http://www.figleaf.com
=-----------------------------------------------------------
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
| |
| lti-1a8g-LMbKfuCQv7pBDgjK7y7TUQ@public.gmane.o 2005-07-18, 5:45 pm |
| Hi,
The simplest way to perform ticketing authentication is to include
the process in your Application.OnConnect method in your main.asc.
The Application.OnConnect method, if present, is always called
upon a new connection (from your client) to the FCS application.
As you only have one app server-side, this authentication would be a
global one: either the user is successfully authenticated, and can
access both the lobby and the chat room, or the user is not successfully
authenticated and can't even access the lobby.
You could refine the ticketing system a bit, but it depends greatly on
how you plan to allow access to the lobby and the chat room.
lti-1a8g (and yes, I sued my parents for giving me such a name)
Jim Duber wrote:
> Greetings all,
>
> I'd like to add a 'single sign-on' ticketing system (as described in
> the PFCS book on pages 755-758) to a lobby/room chat application I'm
> working on. At this point, I've got all the bits and pieces working
> separately (having adapted the cold fusion samples to work with PHP
> and AMFPHP).
>
> Now, I need to integrate the authentication system with the chat app.
> The chat app is comprised of two swf files on the client side: a
> lobby.swf which loads a room.swf. Simple. On the server side, there's
> a main.asc file which loads separate lobby.asc and room.asc files
> accordingly. The chat app is based on the 'helloVideo' application
> from Ch. 1, btw.
>
> My question is how to add a ticketing authentication system to such an
> application. In particular, I'm confused as to where to place a
> checkTicket (Remoting) method call on the FlashCom server and how to
> adapt it so as to ensure that only authenticated users will have
> access to both the lobby and room.
>
> Any advice would be greatly appreciated.
>
> Thanks very much and best wishes,
>
> Jim
| |
| Brian Lesser 2005-07-18, 5:45 pm |
| Hi Jim,
Before a client connects to a lobby or to a room it should request a new
ticket from the Web application server. When the client connects to the
lobby or room it should pass in the fresh ticket. The lobby and room
instances should call checkTicket on the Web application server to
verify that the ticket is correct. In other words before the client
connects to a new instance (room or lobby) it must ask for a new ticket
first and then send that ticket to the instance. I don't know if that
answers the question though...
Yours truly,
-Brian
Jim Duber wrote:
> Greetings all,
>
> I'd like to add a 'single sign-on' ticketing system (as described in
> the PFCS book on pages 755-758) to a lobby/room chat application I'm
> working on. At this point, I've got all the bits and pieces working
> separately (having adapted the cold fusion samples to work with PHP
> and AMFPHP).
>
> Now, I need to integrate the authentication system with the chat app.
> The chat app is comprised of two swf files on the client side: a
> lobby.swf which loads a room.swf. Simple. On the server side, there's
> a main.asc file which loads separate lobby.asc and room.asc files
> accordingly. The chat app is based on the 'helloVideo' application
> from Ch. 1, btw.
>
> My question is how to add a ticketing authentication system to such an
> application. In particular, I'm confused as to where to place a
> checkTicket (Remoting) method call on the FlashCom server and how to
> adapt it so as to ensure that only authenticated users will have
> access to both the lobby and room.
>
> Any advice would be greatly appreciated.
>
> Thanks very much and best wishes,
>
> Jim
--
______________________________________________________________________
Brian Lesser
Assistant Director, Teaching and Technology Support
Computing and Communications Services
Ryerson University
350 Victoria St.
Toronto, Ontario Phone: (416) 979-5000 ext. 6835
M5B 2K3 Fax: (416) 979-5220
Office: AB48D E-mail: blesser-6s6ziW1YCwCw5LPnMra/2Q@public.gmane.org
(Enter through LB66) Web: http://www.ryerson.ca/~blesser
______________________________________________________________________
| |
| Jim Duber 2005-07-18, 5:45 pm |
| Hi Brian,
Thanks very much for your reply. I'm delivering the lobby swf via a PHP
version of your "main.cfm" (the 'WebPortalTicketTestClient' page) on p.
756 of 'The Book'. So, a ticket and ticketID are generated when the
page loads, inserted into a ticket table and loaded into the Flash app
in the FlashVars parameters on this page.
I plan on passing the ticket and ticketID in the nc.connect call when
the lobby app first connects to the FCS and having the server check
those credentials via a remoting call.
According to the recommendations in The Book, I have set the ticket to
expire with a 'staleDateTime' stamp that kicks in 5 minutes after the
ticket is created. In addition, the checkTicket remoting call deletes
the ticket record at the moment when it is first accepted. Further
complicating matters is that I'm not loading the room instances with a
separate web page--instead I'm loading them in Window components within
the main lobby swf. All of which makes my head swirl when I try to
figure out how to begin to approach the remoting implementation from
the FC side.
I like the suggestion 'lti-1a8g' included in his/her response to my
question, "to include the process in your Application.OnConnect method
in your main.asc...this authentication would be a global one: either
the user is successfully authenticated, and can access both the lobby
and the chat room, or...not".
A bit of sample (even pseudo) code to get me started in this direction
would be very much appreciated.
Thanks very much,
Jim
On Jul 18, 2005, at 7:44 AM, Brian Lesser wrote:
> Hi Jim,
> Before a client connects to a lobby or to a room it should request a
> new ticket from the Web application server. When the client connects
> to the lobby or room it should pass in the fresh ticket. The lobby and
> room instances should call checkTicket on the Web application server
> to verify that the ticket is correct. In other words before the client
> connects to a new instance (room or lobby) it must ask for a new
> ticket first and then send that ticket to the instance. I don't know
> if that answers the question though...
> Yours truly,
> -Brian
| |
| Brian Lesser 2005-07-18, 5:45 pm |
| Hi Jim,
For security (to avoid replay attacks) a ticket must only be used once.
That means you need to get a new one for each new connection you make.
Once a user logs into a Web application you should be able to maintain a
session for them in the web app. So you could make available a secure
web page that the client can call to get a new ticket. In the book I use
a CFC to do that with Flash remoting. But in this old article I used a
regular Coldfusion page and good old LoadVars:
http://echo.ryerson.ca/authentication/index.html
I hope that helps a little? I'm afraid I stopped using php around
version 2 so can't get very specific about using it.
Yours truly,
-Brian
Jim Duber wrote:
> Hi Brian,
>
> Thanks very much for your reply. I'm delivering the lobby swf via a
> php version of your "main.cfm" (the 'WebPortalTicketTestClient' page)
> on p. 756 of 'The Book'. So, a ticket and ticketID are generated when
> the page loads, inserted into a ticket table and loaded into the Flash
> app in the FlashVars parameters on this page.
>
> I plan on passing the ticket and ticketID in the nc.connect call when
> the lobby app first connects to the FCS and having the server check
> those credentials via a remoting call.
>
> According to the recommendations in The Book, I have set the ticket to
> expire with a 'staleDateTime' stamp that kicks in 5 minutes after the
> ticket is created. In addition, the checkTicket remoting call deletes
> the ticket record at the moment when it is first accepted. Further
> complicating matters is that I'm not loading the room instances with a
> separate web page--instead I'm loading them in Window components
> within the main lobby swf. All of which makes my head swirl when I try
> to figure out how to begin to approach the remoting implementation
> from the FC side.
>
> I like the suggestion 'lti-1a8g' included in his/her response to my
> question, "to include the process in your Application.OnConnect method
> in your main.asc...this authentication would be a global one:
> either the user is successfully authenticated, and can access both
> the lobby and the chat room, or...not".
>
> A bit of sample (even pseudo) code to get me started in this direction
> would be very much appreciated.
>
> Thanks very much,
>
> Jim
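The one-time ticket flow described in the replies above (a fresh ticket per connection, a five-minute staleDateTime, deletion when first accepted), as an added example that is not part of the original thread or the book's code. It is a self-contained Node.js model: issueTicket, gateConnection, the return shapes and the in-memory Map standing in for the ticket table are assumptions.

```javascript
// Added example: models the ticket checks discussed in the thread. Names are hypothetical.
const crypto = require('crypto');

const STALE_AFTER_MS = 5 * 60 * 1000; // 5-minute 'staleDateTime' window from the thread
const tickets = new Map();            // stand-in for the ticket table: ticketID -> record

// Web application side: issue a ticket only for a user with a logged-in web session.
function issueTicket(userName, now = Date.now()) {
  const ticketID = crypto.randomBytes(16).toString('hex');
  const ticket = crypto.randomBytes(32).toString('hex'); // unguessable value
  tickets.set(ticketID, { ticket, userName, staleDateTime: now + STALE_AFTER_MS });
  return { ticketID, ticket };
}

// Web application side: the check a lobby or room instance requests over Remoting.
// With a real database, the lookup and the delete must be one atomic operation.
function checkTicket(ticketID, ticket, now = Date.now()) {
  const rec = tickets.get(ticketID);
  if (!rec) return { ok: false, reason: 'unknown-or-used' };
  if (now >= rec.staleDateTime) {
    tickets.delete(ticketID);          // purge expired tickets
    return { ok: false, reason: 'stale' };
  }
  const given = Buffer.from(String(ticket));
  const stored = Buffer.from(rec.ticket);
  if (given.length !== stored.length || !crypto.timingSafeEqual(given, stored)) {
    return { ok: false, reason: 'mismatch' };
  }
  tickets.delete(ticketID);            // single use: a replayed ticket is now unknown
  return { ok: true, userName: rec.userName };
}

// Instance side: the accept/reject decision made for every new connection,
// whether it targets the lobby or a room.
function gateConnection(instanceName, ticketID, ticket, now = Date.now()) {
  const result = checkTicket(ticketID, ticket, now);
  return {
    instanceName,
    accepted: result.ok,
    userName: result.ok ? result.userName : null,
    reason: result.ok ? null : result.reason,
  };
}
```

Because the lobby connection consumes its ticket, a room loaded inside the lobby swf has to obtain a second ticket from the web session before it connects.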